[ubuntu-us-ut] SELinux Support in 8.04
Christer Edwards
christer.edwards at ubuntu.com
Wed Mar 19 18:11:46 GMT 2008
On Wed Mar 19, 2008 at 11:57:16AM -0600, BJ Cardon wrote:
> Can you sell us SELinux for those of us unfamiliar with it?
>
> BJ
SELinux is secure. AppArmor (default) is not ;)
http://en.wikipedia.org/wiki/SELinux
http://www.nsa.gov/selinux/
Basically SELinux babysits a targeted list of processes on your machine
and makes sure they behave. It can be thought of as pre-emptive
security for vulnerabilities that aren't even discovered yet.
Example:
Apache gets a vulnerability and an attacker tries to force the process to
serve content from /etc (probably a bad idea). SELinux refers to a
security context list and smacks Apache upside the head for trying to
read files it shouldn't. Apache is never able to serve the private
content.
AppArmor, which is the default in Ubuntu & SUSE, tries to do something
similar but its implementation is not as granular and is easier to bypass.
Plus, AppArmor was maintained by a small group at Novell... and then
Novell fired them, so it has a very small unfunded support base.
SELinux is actively developed by Red Hat, the NSA and a number of
companies nationwide.
Christer
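
The Apache scenario above leaves a trace in the audit log as AVC denial records. The following is an added example, not part of the original message: a small parser that pulls the denials for one SELinux domain out of audit log text. The log lines are constructed, and the type names (`httpd_t`, `shadow_t`, `sshd_key_t`, `cupsd_t`) assume reference-policy naming.

```python
import re

# Constructed audit.log lines (not from the original post); type names
# assume the SELinux reference policy (httpd_t, shadow_t, sshd_key_t).
SAMPLE_LOG = """\
type=AVC msg=audit(1205950306.101:411): avc:  denied  { read } for  pid=2345 comm="apache2" name="shadow" dev=sda1 ino=81234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1205950306.101:411): arch=40000003 syscall=5 success=no exit=-13 comm="apache2" exe="/usr/sbin/apache2"
type=AVC msg=audit(1205950307.220:412): avc:  denied  { read } for  pid=2345 comm="apache2" path="/etc/ssh/ssh_host_rsa_key" dev=sda1 ino=81301 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:sshd_key_t:s0 tclass=file
type=AVC msg=audit(1205950399.004:420): avc:  denied  { write } for  pid=3001 comm="cupsd" name="printers.conf" dev=sda1 ino=90001 scontext=system_u:system_r:cupsd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?'
    r'comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)
OBJ_RE = re.compile(r'(?:path|name)="([^"]+)"')

def context_type(context):
    # A security context is user:role:type:level; policy decisions key on the type.
    return context.split(":")[2]

def parse_denials(log_text):
    """Return one dict per AVC denial record found in the log text."""
    denials = []
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if not m:
            continue
        obj = OBJ_RE.search(line)
        denials.append({
            "comm": m["comm"],
            "perms": m["perms"].split(),
            "source_type": context_type(m["scontext"]),
            "target_type": context_type(m["tcontext"]),
            "tclass": m["tclass"],
            "object": obj.group(1) if obj else None,
        })
    return denials

def denials_for_domain(log_text, domain):
    """Denials where the acting process ran in the given domain type."""
    return [d for d in parse_denials(log_text) if d["source_type"] == domain]

if __name__ == "__main__":
    for d in denials_for_domain(SAMPLE_LOG, "httpd_t"):
        print(d["comm"], d["perms"], d["target_type"], d["object"])
```
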